refactor: 修改授权相关Model,Serializer,API结构

2022-09-07 17:35:23 +08:00 · 2022-09-07 17:35:23 +08:00 · a27aeca2fd
parent 585ce6b46a
commit a27aeca2fd
13 changed files with 67 additions and 101 deletions
--- a/apps/authentication/serializers/connection_token.py
+++ b/apps/authentication/serializers/connection_token.py
@ -7,7 +7,7 @@ from common.utils import pretty_string
 from common.utils.random import random_string
 from assets.models import Asset, Gateway, Domain, CommandFilterRule
 from users.models import User
-from perms.serializers.base import ActionsField
+from perms.serializers.permission import ActionsField


 __all__ = [
--- a/apps/jumpserver/settings/_xpack.py
+++ b/apps/jumpserver/settings/_xpack.py
@ -6,7 +6,8 @@ from .. import const
 from .base import INSTALLED_APPS, TEMPLATES

 XPACK_DIR = os.path.join(const.BASE_DIR, 'xpack')
-XPACK_ENABLED = os.path.isdir(XPACK_DIR)
+# XPACK_ENABLED = os.path.isdir(XPACK_DIR)
+XPACK_ENABLED = False
 XPACK_TEMPLATES_DIR = []
 XPACK_CONTEXT_PROCESSOR = []

--- a/apps/perms/exceptions.py
+++ b/apps/perms/exceptions.py
@ -1,14 +0,0 @@
-from rest_framework import status
-from django.utils.translation import gettext_lazy as _
-
-from common.exceptions import JMSException
-
-
-class AdminIsModifyingPerm(JMSException):
-    status_code = status.HTTP_409_CONFLICT
-    default_detail = _('The administrator is modifying permissions. Please wait')
-
-
-class CanNotRemoveAssetPermNow(JMSException):
-    status_code = status.HTTP_409_CONFLICT
-    default_detail = _('The authorization cannot be revoked for the time being')
--- a/apps/perms/filters.py
+++ b/apps/perms/filters.py
@ -183,22 +183,15 @@ class AssetPermissionFilter(PermissionBaseFilter):
        if is_effective:
            have_user_q = Q(users__isnull=False) | Q(user_groups__isnull=False)
            have_asset_q = Q(assets__isnull=False) | Q(nodes__isnull=False)
-            have_system_user_q = Q(system_users__isnull=False)
            have_action_q = Q(actions__gt=0)

-            queryset = queryset.filter(
-                have_user_q & have_asset_q & have_system_user_q & have_action_q
-            )
+            queryset = queryset.filter(have_user_q & have_asset_q & have_action_q)
            queryset &= AssetPermission.objects.valid()
        else:
            not_have_user_q = Q(users__isnull=True) & Q(user_groups__isnull=True)
            not_have_asset_q = Q(assets__isnull=True) & Q(nodes__isnull=True)
-            not_have_system_user_q = Q(system_users__isnull=True)
            not_have_action_q = Q(actions=0)

-            queryset = queryset.filter(
-                not_have_user_q | not_have_asset_q | not_have_system_user_q |
-                not_have_action_q
-            )
+            queryset = queryset.filter(not_have_user_q | not_have_asset_q | not_have_action_q)
            queryset |= AssetPermission.objects.invalid()
        return queryset
--- a/apps/perms/models/asset_permission.py
+++ b/apps/perms/models/asset_permission.py
@ -89,6 +89,11 @@ class AssetPermission(OrgModelMixin):
    user_groups = models.ManyToManyField('users.UserGroup', blank=True, verbose_name=_("User group"), related_name='%(class)ss')
    assets = models.ManyToManyField('assets.Asset', related_name='granted_by_permissions', blank=True, verbose_name=_("Asset"))
    nodes = models.ManyToManyField('assets.Node', related_name='granted_by_permissions', blank=True, verbose_name=_("Nodes"))
+    # 只保存 @ALL (@INPUT @USER 默认包含，将来在全局设置中进行控制)
+    # 特殊的账号描述
+    # ['@ALL',]
+    # 指定账号授权
+    # ['web', 'root',]
    accounts = models.JSONField(default=list, verbose_name=_("Accounts"))
    actions = models.IntegerField(choices=Action.DB_CHOICES, default=Action.ALL, verbose_name=_("Actions"))
    is_active = models.BooleanField(default=True, verbose_name=_('Active'))
--- a/apps/perms/serializers/init.py
+++ b/apps/perms/serializers/init.py
@ -1,4 +1,5 @@
 # coding: utf-8
 #
-from .base import *
-from .asset import *
+from .permission import *
+from .permission_relation import *
+from .user_permission import *
--- a/apps/perms/serializers/asset/init.py
+++ b/apps/perms/serializers/asset/init.py
@ -1,3 +0,0 @@
-from .permission import *
-from .permission_relation import *
-from .user_permission import *
--- a/apps/perms/serializers/base.py
+++ b/apps/perms/serializers/base.py
@ -1,56 +0,0 @@
-from rest_framework import serializers
-from perms.models import Action
-from orgs.mixins.serializers import BulkOrgResourceModelSerializer
-from rest_framework.fields import empty
-
-__all__ = ['ActionsDisplayField', 'ActionsField', 'BasePermissionSerializer']
-
-
-class ActionsField(serializers.MultipleChoiceField):
-    def __init__(self, *args, **kwargs):
-        kwargs['choices'] = Action.CHOICES
-        super().__init__(*args, **kwargs)
-
-    def run_validation(self, data=empty):
-        data = super(ActionsField, self).run_validation(data)
-        if isinstance(data, list):
-            data = Action.choices_to_value(value=data)
-        return data
-
-    def to_representation(self, value):
-        return Action.value_to_choices(value)
-
-    def to_internal_value(self, data):
-        if not self.allow_empty and not data:
-            self.fail('empty')
-
-        if not data:
-            return data
-
-        return Action.choices_to_value(data)
-
-
-class ActionsDisplayField(ActionsField):
-    def to_representation(self, value):
-        values = super().to_representation(value)
-        choices = dict(Action.CHOICES)
-        return [choices.get(i) for i in values]
-
-
-class BasePermissionSerializer(BulkOrgResourceModelSerializer):
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.set_actions_field()
-
-    def set_actions_field(self):
-        actions = self.fields.get('actions')
-        if not actions:
-            return
-        choices = actions._choices
-        choices = self._filter_actions_choices(choices)
-        actions._choices = choices
-        actions.default = list(choices.keys())
-
-    def _filter_actions_choices(self, choices):
-        return choices
--- a/apps/perms/serializers/asset/permission.py
+++ b/apps/perms/serializers/asset/permission.py
@ -2,50 +2,89 @@
 #

 from rest_framework import serializers
+from rest_framework.fields import empty
 from django.utils.translation import ugettext_lazy as _
 from django.db.models import Q

-from perms.models import AssetPermission, Action
 from assets.models import Asset, Node
 from users.models import User, UserGroup
-from ..base import ActionsField, BasePermissionSerializer
+from perms.models import AssetPermission, Action
+from orgs.mixins.serializers import BulkOrgResourceModelSerializer

-__all__ = ['AssetPermissionSerializer']
+__all__ = ['AssetPermissionSerializer', 'ActionsField']


-class AssetPermissionSerializer(BasePermissionSerializer):
+class ActionsField(serializers.MultipleChoiceField):
+    def __init__(self, **kwargs):
+        kwargs['choices'] = Action.CHOICES
+        super().__init__(**kwargs)
+
+    def run_validation(self, data=empty):
+        data = super(ActionsField, self).run_validation(data)
+        if isinstance(data, list):
+            data = Action.choices_to_value(value=data)
+        return data
+
+    def to_representation(self, value):
+        return Action.value_to_choices(value)
+
+    def to_internal_value(self, data):
+        if not self.allow_empty and not data:
+            self.fail('empty')
+        if not data:
+            return data
+        return Action.choices_to_value(data)
+
+
+class ActionsDisplayField(ActionsField):
+    def to_representation(self, value):
+        values = super().to_representation(value)
+        choices = dict(Action.CHOICES)
+        return [choices.get(i) for i in values]
+
+
+class AssetPermissionSerializer(BulkOrgResourceModelSerializer):
+    users_display = serializers.ListField(
+        child=serializers.CharField(), label=_('Users display'), required=False
+    )
+    user_groups_display = serializers.ListField(
+        child=serializers.CharField(), label=_('User groups display'), required=False
+    )
+    assets_display = serializers.ListField(
+        child=serializers.CharField(), label=_('Assets display'), required=False
+    )
+    nodes_display = serializers.ListField(
+        child=serializers.CharField(), label=_('Nodes display'), required=False
+    )
    actions = ActionsField(required=False, allow_null=True, label=_("Actions"))
    is_valid = serializers.BooleanField(read_only=True, label=_("Is valid"))
    is_expired = serializers.BooleanField(read_only=True, label=_('Is expired'))
-    users_display = serializers.ListField(child=serializers.CharField(), label=_('Users display'), required=False)
-    user_groups_display = serializers.ListField(child=serializers.CharField(), label=_('User groups display'), required=False)
-    assets_display = serializers.ListField(child=serializers.CharField(), label=_('Assets display'), required=False)
-    nodes_display = serializers.ListField(child=serializers.CharField(), label=_('Nodes display'), required=False)

    class Meta:
        model = AssetPermission
        fields_mini = ['id', 'name']
        fields_small = fields_mini + [
            'is_active', 'is_expired', 'is_valid', 'actions',
+            'accounts',
            'created_by', 'date_created', 'date_expired',
            'date_start', 'comment', 'from_ticket'
        ]
        fields_m2m = [
            'users', 'users_display', 'user_groups', 'user_groups_display', 'assets',
-            'assets_display', 'nodes', 'nodes_display', 'accounts',
+            'assets_display', 'nodes', 'nodes_display',
            'users_amount', 'user_groups_amount', 'assets_amount',
            'nodes_amount',
        ]
        fields = fields_small + fields_m2m
        read_only_fields = ['created_by', 'date_created', 'from_ticket']
        extra_kwargs = {
-            'is_expired': {'label': _('Is expired')},
-            'is_valid': {'label': _('Is valid')},
-            'actions': {'label': _('Actions')},
            'users_amount': {'label': _('Users amount')},
            'user_groups_amount': {'label': _('User groups amount')},
            'assets_amount': {'label': _('Assets amount')},
            'nodes_amount': {'label': _('Nodes amount')},
+            'actions': {'label': _('Actions')},
+            'is_expired': {'label': _('Is expired')},
+            'is_valid': {'label': _('Is valid')},
        }

    @classmethod
--- a/apps/perms/serializers/asset/permission_relation.py
+++ b/apps/perms/serializers/asset/permission_relation.py
--- a/apps/perms/serializers/asset/user_permission.py
+++ b/apps/perms/serializers/asset/user_permission.py
@ -5,7 +5,7 @@ from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _

 from assets.models import Node, Asset, Platform
-from perms.serializers.base import ActionsField
+from perms.serializers.permission import ActionsField

 __all__ = [
    'NodeGrantedSerializer',
--- a/apps/tickets/serializers/ticket/apply_application.py
+++ b/apps/tickets/serializers/ticket/apply_application.py
@ -2,7 +2,7 @@ from django.utils.translation import ugettext as _
 from rest_framework import serializers

 from perms.models import ApplicationPermission
-from perms.serializers.base import ActionsField
+from perms.serializers.permission import ActionsField
 from orgs.utils import tmp_to_org
 from applications.models import Application
 from tickets.models import ApplyApplicationTicket
--- a/apps/tickets/serializers/ticket/apply_asset.py
+++ b/apps/tickets/serializers/ticket/apply_asset.py
@ -1,7 +1,7 @@
 from django.utils.translation import ugettext_lazy as _
 from rest_framework import serializers

-from perms.serializers.base import ActionsField
+from perms.serializers.permission import ActionsField
 from perms.models import AssetPermission
 from orgs.utils import tmp_to_org
 from assets.models import Asset, Node